On 13 Nov 2002, Alex Ongena wrote:

> I want to drop all broadcasts on INPUT in a generic way
> without knowing in advance on which subnet/netmask my
> appliance is.
> # iptables -A INPUT -d *.*.*.255 -j DROP
> # iptables -A INPUT -d *.*.255.255 -j DROP
> # iptables -A INPUT -d *.255.255.255 -j DROP
>
> where * is a wildcard matching any ip.

Yes. Netmasks don't need to be contiguous or MSB-aligned:

# iptables -A INPUT -d 0.0.0.255/0.0.0.255 -j DROP

will drop anything with an all-ones LSO.

Matthew.
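
The mask comparison described in the reply above, modelled as an added example (not part of the original thread): a rule `-d ADDR/MASK` matches when (dst & MASK) == (ADDR & MASK), whatever shape the mask has. The helper names `ip2int`, `matches` and `verdict` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the iptables "-d ADDR/MASK" comparison,
# (dst & MASK) == (ADDR & MASK), for arbitrary (non-contiguous) masks.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# matches DST ADDR/MASK -> exit status 0 if the rule would match DST
matches() {
    dst=$(ip2int "$1")
    addr=$(ip2int "${2%/*}")
    mask=$(ip2int "${2#*/}")
    [ $(( dst & mask )) -eq $(( addr & mask )) ]
}

# The three wildcard rules from the question, written as ADDR/MASK pairs.
RULES="0.0.0.255/0.0.0.255 0.0.255.255/0.0.255.255 0.255.255.255/0.255.255.255"

# verdict DST -> prints DROP if any rule matches DST, else PASS
verdict() {
    for rule in $RULES; do
        if matches "$1" "$rule"; then echo DROP; return; fi
    done
    echo PASS
}

# Constructed sample destinations:
#   192.168.1.255   /24 broadcast
#   10.0.255.255    /16 broadcast
#   255.255.255.255 limited broadcast
#   192.168.1.127   broadcast of 192.168.1.0/25 (last octet is not all ones)
#   10.1.2.255      ordinary host address if the subnet is 10.1.0.0/16
#   192.168.1.10    ordinary host address
for dst in 192.168.1.255 10.0.255.255 255.255.255.255 \
           192.168.1.127 10.1.2.255 192.168.1.10; do
    printf '%-16s %s\n' "$dst" "$(verdict "$dst")"
done
```

The pattern is purely bitwise: it misses broadcasts of subnets narrower than /24 (192.168.1.127 on a /25) and also drops unicast hosts whose address ends in .255 on a wider subnet (10.1.2.255 on a /16). Where the addrtype match is available, `-m addrtype --dst-type BROADCAST` classifies the destination from the host's own routing table rather than from a bit pattern.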

